Particular embodiments generally relate to data management and processing for risk management.
Many regulations exist with which companies must comply. For example, “Auditing Standard No. 5, an Audit of Internal Control over Financial Reporting that is Integrated with an Audit of Financial Statements” (Public Company Accounting Oversight Board, 2007) states that an auditor should use a top-down approach to the audit of internal control over financial reporting to select the controls to test. A top-down approach begins at the financial statement level and with the auditor's understanding of the overall risks to internal control over financial reporting. The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions. This approach directs the auditor's attention to accounts, disclosures, and assertions that present a reasonable possibility of material misstatement to the financial statements and related disclosures. The auditor then verifies his or her understanding of the risks in the company's processes and selects for testing those controls that sufficiently address the assessed risk of misstatement to each relevant assertion.
Before Auditing Standard No. 5, a bottom-up approach was used for auditing. In the bottom-up approach, the auditor looked at control objectives first. A data model for the bottom-up approach placed risks as attributes of the control objective because the control objectives were accessed first. This allowed the risks to be accessed from the control objectives. However, a top-down approach does not access control objectives first and then risks.
The cost for a company to comply with auditing standards, such as Auditing Standard No. 5, may be high. Companies would like to lower the costs of complying with the standards while remaining in compliance. However, existing data models may not provide cost savings for a company using a top-down approach.